<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<TITLE>
Passive Scan
</TITLE>
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>Passive Scan</H1>
<p>
ZAP by default passively scans all HTTP messages (requests and responses) sent to the web application being tested.<br/>
Passive scanning does not change the requests nor the responses in any way and is therefore safe to use.<br/>
Scanning is performed in a background thread to ensure that it does not slow down the exploration
of an application.
</p>
<p>
The (main) behaviour of the passive scanner can be configured using the 
<a href="../../ui/dialogs/options/pscanner.html">Options Passive Scanner Screen</a>.
</p>
<p>
Passive scanning can also be used for automatically adding <a href="tags.html">tags</a>
and raising <a href="alerts.html">alerts</a> for potential issues.<br>
A set of rules for automatic tagging are provided by default. These can be changed, deleted or
added to via the <a href="../../ui/dialogs/options/pscan.html">Options Passive Scan Tags screen</a>.
</p>

<p>
The alerts raised by passive scanners can be configured using the 
<a href="../../ui/dialogs/options/pscanrules.html">Options Passive Scan Rules screen</a>.<br/>
</p>

<H2>See also</H2>
<table>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
<a href="../../ui/overview.html">UI Overview</a></td><td>for an overview of the user interface</td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
<a href="concepts.html">Features</a></td><td>provided by ZAP</td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
<a href="ascan.html">Active scanning</a></td><td></td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
<a href="../checks.html">Scanner Rules</a></td><td>supported by default</td></tr>
</table>

</BODY>
</HTML>
